Solution Accelerators

Updated: January 28, 2013

Welcome to the technical library for Solution Accelerators.

Here you will find a complete alphabetical listing of all Solution Accelerators.

To find Solution Accelerators for the most recent Microsoft products and technologies, grouped by Solution Accelerator Suite (Desktop, Server, Virtualization…) or by MOF IT Service Lifecycle (Plan, Deliver, Operate…), see the Solution Accelerators Home Page.

Because of their inherent permissions and power, administrator accounts on computers that run Microsoft Windows Server 2003 are both the most useful and potentially the most dangerous accounts on your computer. This guide provides prescriptive guidance to address the problem of intruders who acquire administrator account credentials and then use them to compromise the network.

This tool takes an application request submitted through the System Center 2012 Configuration Manager Application Catalog and transforms it into a System Center 2012 - Service Manager service request, allowing flexible approval lists and activities.

Users with administrative rights on their client computers are at increased risk from malicious software encountered via browsers, e-mail clients, and instant messaging programs. The least-privileged user account (LUA) approach is a key part of an effective defensive strategy to mitigate this risk. LUA ensures that users follow the principle of least privilege and always log on with limited user accounts.

B

C

The Microsoft System Center Configuration Manager 2007 Dashboard lets you track the deployments of software, OS, security update and IT compliance with key regulations at a glance – with an easy to use and customizable graphical dashboard.

D

Streamline your compliance experience with new features in the Data Classification Toolkit. The toolkit supports file servers running Windows Server 2012 and Windows Server 2008 R2 SP1. In addition to configuring File Classification Infrastructure (FCI) on your file servers, the latest version of the toolkit allows you to manage central access policy across the file servers in your organization. The toolkit enhances the user experience by providing scenario-based wizards that you can use to configure, export, import, and compare file classifications, as well as manage central access policy on your file servers. It provides tools to provision user and device claim values and central access policy across a forest to help simplify configuring Dynamic Access Control in Windows Server 2012. The toolkit also provides a new report template that you can use to review existing central access policy on file shares.

The Data Encryption Toolkit for Mobile PCs provides tested guidance and powerful tools to help you protect your organization’s most vulnerable data. The strategies outlined in this Toolkit are easy to understand, and the guidance shows you how to optimize two key encryption technologies already available to you in Microsoft Windows XP or Windows Vista: the Encrypting File System (EFS) and Microsoft BitLocker Drive Encryption (BitLocker).

This guide discusses processes and tools for use in internal computer investigations. It introduces a multi-phase model that is based on well-accepted procedures in the computer investigation community. It also presents an applied scenario example of an internal investigation in an environment that includes Microsoft Windows–based computers. The investigation uses Windows Sysinternals tools (advanced utilities that can be used to examine Windows–based computers) as well commonly available Windows commands and tools.

I

VPN connections allow employees and partners to connect to a corporate local area network (LAN) over a public network in a secure manner. Although a VPN provides secure access by encrypting data though the VPN tunnel, it does not prevent intrusions by malicious software that initiates from the remote access computer. Virus or worm attacks can result from infected computers that connect to the LAN. VPN quarantine provides a mechanism to address these issues. This guide describes the challenges in planning and implementing quarantine services with VPN through the new features available in Microsoft Windows Server 2003 with Service Pack 1 (SP1).

This guide provides a logical roadmap to progress from reactive to proactive IT service management, moving from one of four defined levels of IT services to the next more efficient and streamlined level of services. Each document briefly describes each of the four levels, and explains each capability in the Microsoft Core Infrastructure Optimization Model. It then introduces high-level concepts for planning, building, deploying, and managing these capabilities and provides links to relevant resources where more detailed and actionable content can be found.

The Infrastructure Planning and Design (IPD) series provides guidance for Microsoft infrastructure products, including Windows Server 2008 R2. The series is a collection of documents that lead the reader through a sequence of core decision points to design an infrastructure for Microsoft products. It also provides a means to validate design decisions with the business to ensure that the solution meets the requirements of both business and infrastructure stakeholders. It includes the following individual guides:

This guide provides easy-to-understand and extensive methodology for Microsoft Security Development Lifecycle (SDL) threat modeling. For organizations that want to establish a threat model process to help prioritize investments in IT infrastructure security.

J

K

L

M

This guide was designed to provide your organization with the latest information to plan the most cost-effective defense approach to malicious software (also called malware), detailing considerations for planning and implementing a comprehensive antimalware defense for your organization.

When a user requests an application through the System Center 2012 Configuration Manager Application Catalog that requires approval, this approval workflow solution will transform the application request into a System Center 2012 - Service Manager service request allowing flexible approval lists and activities.

The Microsoft Application Virtualization (App-V) Dashboard helps customers keep track of the usage, health, and compliance of their virtualized applications—in near real time! Using the Dashboard’s built-in charts, gauges, and tables, customers can track any App-V dataset. The Dashboard can be installed in minutes, and it’s easy to customize to meet the unique needs of each organization.

Integrate Microsoft Forefront Client Security and Network Access Protection (NAP) to provide an additional defense-in-depth layer against attacks while giving administrators a significant degree of control over the security and health of networked computers.

This series of papers provides numerous identity and access management concepts, techniques, and solutions for use in heterogeneous IT environments. Identity and access management combines processes, technologies, and policies to manage digital identities and specify how they are used to access resources.

Q

R

S

Administrators are increasingly aware of the dangers that result if they rely only on user names and passwords to provide authentication to network resources. Smart cards and their associated PINs are an increasingly popular, reliable, and cost-effective form of two-factor authentication. With the right controls in place, the user must have the smart card and know the PIN to gain access to network resources. The two-factor requirement significantly reduces the likelihood of unauthorized access to an organization's network.

Securing Wireless LANs with Certificate Services is a prescriptive guide that addresses vulnerabilities in today's wireless networks. Despite the many productivity and technology benefits that WLANs offer, insufficient security has prevented a number of organizations from deploying them. This guidance provides information for IT Professionals about how to design, implement, and operate a wireless security infrastructure built with 802.1X and WLAN encryption, RADIUS, and a public key infrastructure (PKI).

Securing Wireless LANs with PEAP and Passwords is designed to guide you through the complete life cycle of planning, deploying, testing, and managing a wireless security solution. It uses a flexible architecture that is adaptable for organizations ranging in size from less than 50 users to those with several thousand users. The guide comprises an end-to-end solution that encompasses the complete life cycle of planning, building, testing, and managing the solution. Its prescriptive guidance provides solution design choices based on best practices and knowledge gained from WLAN deployments at Microsoft and its customers.

Extensive media reporting about the spread of malicious software through the Internet has significantly raised the profile of external threats to organizations' network resources. However, some of the greatest threats to any organization's infrastructure come from attacks that originate from within the internal network. This guide describes how to plan a security monitoring system on Windows-based networks. This system can detect attacks that originate from internal and external sources. The main aim of a security monitoring system is to identify unusual events on the network that indicate malicious activity or procedural errors.

Customers can be overwhelmed when attempting to put in place a plan for security risk management. This can be because they do not have the in-house expertise, budget resources, or guidelines to outsource. To assist these customers, the Microsoft has developed The Security Risk Management Guide. This guide helps customers of all types plan, build, and maintain a successful security risk management program. In a four phase process, depicted below, the guide explains how to conduct each phase of a risk management program and how to build an ongoing process to measure and drive security risks to an acceptable level.

Large organizations face increasing challenges in securing the perimeters of their networks. Wireless networks and wireless connection technologies have made network access easier than ever. This increased connectivity means that domain members on the internal network are increasingly exposed to significant risks from inside and outside the organization. This guide provides tested guidance around two solutions: server isolation, to ensure that a server accepts network connections only from trusted domain members or a specific group of domain members; and domain isolation, to isolate domain members from not trusted connections. These solutions can be used separately or together as part of an overall logical isolation solution.

The Service Level Dashboard addresses the need for organizations to ensure that their business-critical IT resources (applications and systems) are available and performing at acceptable levels. The dashboard evaluates an application or group over a selected time period, determines whether it met the defined service level commitment, and displays summarized data.

This guide is an important resource to plan strategies to run services securely under the Microsoft Windows Server 2003 and Windows XP operating systems. It addresses the common problem of Windows services that are set to run with highest possible privileges, which an attacker could compromise to gain full and unrestricted access to the computer or domain, or even to the entire forest. It describes ways to identify services that can run with lesser privileges, and explains how to downgrade those privileges methodically. This guide can help you assess your current services infrastructure and make some important decisions when you plan for future service deployments.

The SharePoint Capacity Planning Tool is a general-purpose modeling tool that complements SharePoint’s deployment planning documentation. With this tool and the analysis it provides, you can get a head start on planning your SharePoint topology. After you provide the tool with basic information about your organization, the tool provides a first approximation of the topology your organization needs.

Contains two management packs for System Center Operations Manager 2007: Windows® SharePoint Services 3.0 Management Pack and Microsoft Office SharePoint Server 2007 Management Pack. These monitor the health state of the components in a SharePoint environment that affect performance and availability. When there is an issue that may cause service or performance degradation, Operations Manager 2007 uses the management packs to detect the issue, alert system administrators to its existence, and facilitate diagnosis and corrective action.

Guidance on how to use the desired configuration management (DCM) feature of Microsoft System Center Configuration Manager 2007 to scan the computers in your environment. You can then use the scan results to document the compliance level of the computers with the Federal Desktop Core Configuration (FDCC) mandate.

Deeply integrated with Service Manager, the System Center Process Pack for IT GRC translates complex regulations and standards into authoritative control objectives and control activities for your IT organization’s compliance program. The process pack is designed to help customers understand and bind complex business objectives to their Microsoft infrastructure in an operationally efficient manner.

VMST 3.0 helps customers reduce IT costs by making it easier to update their offline virtual machines, templates, and virtual hard disks with the latest operating system and application patches—without introducing vulnerabilities into their IT infrastructure.

W

The Windows Optimized Desktop Scenarios relate the IT and user business requirements for a flexible, efficient, and managed desktop environment to sets of complementary Microsoft technologies. The guide and supporting tool in this Solution Accelerator use five standard user scenarios such as Office Worker and Mobile Worker to map requirements to technologies. This new version (v1.1) includes new features of Windows 7 and Windows Server 2008 R2 such as BranchCache, DirectAccess, BitLockerToGo, and AppBlocker.